Chemolli Francesco (USI) wrote:
> I have been reported that forcing use of the MD5 HASH could
> be enough. MD5:@STRENGTH might be the "magic" key.
This removes all non-MD5 ciphers and adds a few not in the default set due to
their redicilous weakness.. such as MD5-NULL which only authenticates the
endpoints (no encryption).
If you really want to only support MD5 then you should either list the
explicit ciphers you want to support, or start from DEFAULT and remove any
ciphers you do not want to support..
DEFAULT:-SHA
Having servers who accept insanely weak SSL chipers is unwise. Can in some
situations allow an attacker to force the browser to downgrade to such weak
cipher.
Regards
Henrik
Received on Fri May 31 2002 - 09:34:06 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:15:32 MST